The Agent Skills Directory

[SAFE]: The skill facilitates local record-keeping and consultation of project history. It uses standard file operations within the project's own directory and does not request network access or administrative privileges.- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it reads and processes project history records created from previous conversations. However, this behavior is essential for its function as a memory tool and is considered safe in this context. Evidence points: 1. Ingestion points: Record files in the ledger/ directory. 2. Boundary markers: Record templates use markdown headers but lack explicit isolation markers. 3. Capability inventory: Access to file writing and task management tools. 4. Sanitization: No explicit sanitization of ingested content is performed.- [COMMAND_EXECUTION]: The skill includes a local bash script (hooks/capture-reminder.sh) designed to analyze tool inputs for potential capture opportunities. The script is passive, performing read-only string matching via standard utilities, and does not execute external code.

awareness-ledger